Steve <cb849754-465b-4382-8d3f-ae9f3ca97...@gulli.com> wrote on 7/31/11
5:34:03 PM:
> I'd like to know more about this. I have never heard of any GnuPG
> etiquette. Not saying that there isn't any,
There is etiquette ("good manners") in every aspect of life, including
and especially IT life, where communicating parties are not physically
in contact.
At least, there should be.
> but if you know more about
> that and what is nice to do and what isn't
I know what I have learned through many years of dealing with
cryptographic software, at the *amateur* level, by trial and error, by
reading on-line and printed material, and by asking experienced users.
It is not a matter of "nice" or "not nice". It is simply a matter of
what is done, and what is not done, in my opinion.
- wouldn't it be great to
> have a wiki-page with that information? What do you think? Worth a try?
> Afaik, you have a GitHub account, right?
I have a GitHub account.
I am not a WiKi person, and I don't pretend to teach anything.
Let whoever is interested to search for information, and learn.
>> The latter possibility (to fake my identity) is to be taken into
>> consideration, and the risk should be taken.
>
> What do you mean by that? Use your name and mail address and create a
> new key pair with that information? That is possible and most likely
> can't be presented why then again we have the web of trust and ability
> to sign keys.
I miss your point.
*Signing* keys is a process that requires knowing the person whose key
you intend to sign.
If you don't know that person, you use other means of identification in
face-to-face meetings ("signing parties"), or by exchanging
identification documents authenticated by a notary public, or any other
means that can satisfy the signatories.
One does not download a public key, sign it with an exportable key and
upload the signed key block to a keyserver, without the express
invitation, agreement and knowledge of both parties.
>> As for requesting to expressly sign-up for a mailing list, I believe it
>> is good practice that should be enforced. Here too, it is the sole
>> privilege of the list owner/maintainer/moderator/mom to request
>> registration. GPGTools.org <http://GPGTools.org> does not request
>> registration, it is their
>> privilege.
>
> What do you mean by that? We should enforce signing-up? What is in your
> opinion the downside of not enforcing that?
I am not telling you what you should do or not do.
I am telling you, explicitly, that it is GPGtools.org sole privilege to
request prior registration, or not.
Of all the mailing lists I am subscribed to, GPGTools.org is so far the
only one that does not require prior registration.
And again, for the fourth time, it is GPGTools.org privilege to do so.
Best regards,
Charly
_______________________________________________
gpgtools-users mailing list
gpgtools-users@lists.gpgtools.org
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe:
http://lists.gpgtools.org/mailman/options/gpgtools-users/arch...@mail-archive.com?unsub=Unsubscribe&unsubconfirm=1
This email sent to: arch...@mail-archive.com
